diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 9e8d9f816..3ab1a1b9d 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -51,6 +51,7 @@ class Kernel extends HttpKernel
 'guest' => \Pterodactyl\Http\Middleware\RedirectIfAuthenticated::class,
 'server' => \Pterodactyl\Http\Middleware\CheckServer::class,
 'admin' => \Pterodactyl\Http\Middleware\AdminAuthenticate::class,
+ 'daemon' => \Pterodactyl\Http\Middleware\DaemonAuthenticate::class,
 'csrf' => \Pterodactyl\Http\Middleware\VerifyCsrfToken::class,
 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
 'can' => \Illuminate\Auth\Middleware\Authorize::class,
diff --git a/app/Http/Middleware/DaemonAuthenticate.php b/app/Http/Middleware/DaemonAuthenticate.php
new file mode 100644
index 000000000..73cb029d4
--- /dev/null
+++ b/app/Http/Middleware/DaemonAuthenticate.php
@@ -0,0 +1,71 @@
+.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+namespace Pterodactyl\Http\Middleware;
+
+use Closure;
+use Pterodactyl\Models\Node;
+use Illuminate\Contracts\Auth\Guard;
+
+class DaemonAuthenticate
+{
+ /**
+ * The Guard implementation.
+ *
+ * @var Guard
+ */
+ protected $auth;
+
+ /**
+ * Create a new filter instance.
+ *
+ * @param Guard $auth
+ * @return void
+ */
+ public function __construct(Guard $auth)
+ {
+ $this->auth = $auth;
+ }
+
+ /**
+ * Handle an incoming request.
+ *
+ * @param \Illuminate\Http\Request $request
+ * @param \Closure $next
+ * @return mixed
+ */
+ public function handle($request, Closure $next)
+ {
+ if (! $request->header('X-Access-Node')) {
+ return abort(403);
+ }
+
+ $node = Node::where('daemonSecret', $request->header('X-Access-Node'))->first();
+ if (! $node) {
+ return abort(404);
+ }
+
+ return $next($request);
+ }
+}
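Review bot: The secret comparison in `handle()` is delegated to the database through `Node::where('daemonSecret', ...)`, so equality follows the column's collation instead of byte equality and is not a constant-time comparison; if `daemonSecret` uses a case-insensitive collation (the schema is not visible in this diff), case variants of a valid secret would be accepted as well. Re-check the fetched value in PHP and fail uniformly: `if (! $node || ! hash_equals($node->daemonSecret, (string) $request->header('X-Access-Node'))) { return abort(403); }`. Returning 403 in both branches also removes the 403/404 difference between a missing header and a wrong secret. The resolved `$node` is discarded, so controllers behind this middleware cannot tell which node made the call, and the injected `$auth` Guard is never read; binding the node to the request, for example `$request->attributes->set('node', $node);`, and dropping the unused Guard would tighten this.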
diff --git a/app/Http/Middleware/VerifyCsrfToken.php b/app/Http/Middleware/VerifyCsrfToken.php
index fe23f9e99..08d960353 100644
--- a/app/Http/Middleware/VerifyCsrfToken.php
+++ b/app/Http/Middleware/VerifyCsrfToken.php
@@ -13,6 +13,7 @@ class VerifyCsrfToken extends BaseVerifier
 */
 protected $except = [
 'remote/*',
+ 'daemon/*',
 'api/*',
 ];
 }
diff --git a/app/Http/Routes/DaemonRoutes.php b/app/Http/Routes/DaemonRoutes.php
index 3792dc8fd..7367fae5f 100644
--- a/app/Http/Routes/DaemonRoutes.php
+++ b/app/Http/Routes/DaemonRoutes.php
@@ -30,7 +30,7 @@ class DaemonRoutes
 {
 public function map(Router $router)
 {
- $router->group(['prefix' => 'daemon'], function () use ($router) {
+ $router->group(['prefix' => 'daemon', 'middleware' => 'daemon'], function () use ($router) {
 $router->get('services', [
 'as' => 'daemon.services',
 'uses' => 'Daemon\ServiceController@list',
diff --git a/app/Http/Routes/RemoteRoutes.php b/app/Http/Routes/RemoteRoutes.php
index ba8f47f9b..9ece1fb2e 100644
--- a/app/Http/Routes/RemoteRoutes.php
+++ b/app/Http/Routes/RemoteRoutes.php
@@ -42,11 +42,6 @@ class RemoteRoutes
 'uses' => 'Remote\RemoteController@postInstall',
 ]);
- $router->post('event', [
- 'as' => 'remote.event',
- 'uses' => 'Remote\RemoteController@event',
- ]);
-
 $router->get('configuration/{token}', [
 'as' => 'remote.configuration',
 'uses' => 'Remote\RemoteController@getConfiguration',
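Review bot: The `'daemon/*'` entry added to `$except` in VerifyCsrfToken.php exempts routes by URL pattern, while authentication is attached per route group in `DaemonRoutes::map()`, so the two can drift apart: a route later registered under `daemon/` outside that group would be both CSRF-exempt and unauthenticated. A comment on the entry would record the dependency, for example `// CSRF-exempt: daemon/* is authenticated by the X-Access-Node header ('daemon' middleware), never by session cookie`. The same applies to the group definition in the DaemonRoutes.php hunk, whose body continues outside the hunk, so the remaining routes in that closure cannot be checked from here.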